Cisco 891 Router & VPN Setup

Ive followed every wizard in the CCP program to setup a simple VPN so I can access my work ne

twork from home and nothing works. I am lost and out of ideas.

Can anyone give me a simple walkthrough on setting one up? I just want to be able to setup a connection in windows that i can "connect" to from my home cable internet using a username/password that will allow me to access the network from home as if my computer was there at the office.

Do I need special software on the remote computer? Ive seen people connect to vpns just using windows vpn connection setup, i assume via IPSEC?

The following assumes that FastEthernet 0/1 is NAT outside and 0/0 is NAT inside.

From global config mode: (just add theses lines to the ACL you already have on outside)

##Access list to permit IPSEC/ISAKMP packets.

ip access-list ex outside-interface-in

permit udp any host 192.168.1.1 eq isakmp

permit udp any host 192.168.1.1 eq non500-isakmp

permit ahp any host 192.168.1.1

permit esp any host 192.168.1.1

exit

##Access list for split tunneling so that you can still access internet from your remote client while tunneled to work.

ip access-list ex SPLIT_TUNNEL

permit ip 10.10.10.0 0.0.0.255 any

permit ip 10.20.20.0 0.0.0.255 any

exit

##Addresses assigned to remote access VPN clients.

ip local pool VPNPOOL 10.40.40.1 10.40.40.20

##If you already have login authentication and network authorization configured, just stick with what you have.

aaa authentication login LOCAL_AUTHEN local

aaa authorization network GROUP_AUTHOR local

username myvpnuser secret MYSECRETPASSWORD

int fa 0/1

ip access-group outside-interface-in in

exit

crypto isakmp enable

crypto isakmp policy 10

hash sha

auth pre

group 5

lifetime 86400

encryption aes 256

exit

crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac

crypto isakmp client configuration group MYVPNGROUP

dns 10.10.10.5

wins 10.10.10.6 ##whatever they are.

key

acl SPLIT_TUNNEL

pool VPNPOOL

exit

crypto dynamic map MYDYNMAP 1

set transform-set MYSET

reverse-route

exit

crypto map MYMAP client authentication list LOCAL_AUTHEN

crypto map MYMAP isakmp authroization list GROUP_AUTHOR

crypto map MYMAP client configuration address respond

crypto map MYMAP 10 ipsec-isakmp dynamic MYDYNMAP

interface fa0/1

crypto map MYMAP

exit

I think that's pretty much it.

To set up the client, you need the group name (MYVPNGROUP), the outside address of your router, the key from the "crypto isakmp client" section, and your username and password. I highly recommend getting hold of the Cisco Easy VPN client, but this should work with the Windows client.